Tongxin xuebao (Oct 2017)
Penetration test method using blind SQL injection based on second-order fragment and reassembly
Abstract
How to get rid of the blindness of current SQL injection penetration test,produce the optimized attack pattern of SQL injection,enhance the effectiveness in the phase of attack generation,and improve the accuracy of vulnerability detection of SQL injection using penetration test,is a big challenge.In order to resolve these problems,a new penetration test method using blind SQL injection was proposed based on second-order fragment and reassembly.In this method,the SQL injection attack model was built firstly and then the multiform and multi-type attack patterns of SQL injection penetration test driven by the SQL injection attack model was produced,which can reduce the blindness of SQL injection penetration test and improve the accuracy of SQL injection vulnerability detection.The experiments of SQL injection vulnerability detection was conducted through the actual Web applications by using proposed method in comparison with current methods.The analysis results of test show the proposed method is better compared with other methods,which not only proves the effectiveness of proposed method,but also improve the accuracy of SQL injection vulnerability detection by reducing false negative in the defensive environment.
